Your message dated Thu, 03 Jan 2019 17:22:21 +0100
with message-id <[email protected]>
and subject line Closing bugs reported against unsupported versions
has caused the Debian Bug report #781881,
regarding Improve security log on asterisk 1.8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
781881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781881
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.8.13.1~dfsg1-3+deb7u3
Tags: wheezy,security

I found this message in my Asterisk log and began researching how to prevent this
attack using fail2ban, but this message does not have the remote IP:

[Apr  4 04:18:56] NOTICE[6054]: chan_sip.c:22653 handle_request_invite: Failed to authenticate device 200<sip:[email protected]>;tag=54c80643
[Apr  4 04:22:21] NOTICE[6054]: chan_sip.c:22653 handle_request_invite: Failed to authenticate device 200<sip:[email protected]>;tag=5d4982ba
[Apr  4 04:35:06] NOTICE[6054]: chan_sip.c:22653 handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=0f0225aa
[Apr  4 04:36:58] NOTICE[6054]: chan_sip.c:22653 handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=82b0bd6e
[Apr  4 04:40:09] NOTICE[6054]: chan_sip.c:22653 handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=83fc8936
[Apr  4 04:43:11] NOTICE[6054]: chan_sip.c:22653 handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=2c1c50cf

Many other messages have the remote IP and make it possible to write a fail2ban filter
to block this DoS, just like this:

[Apr  1 00:13:09] NOTICE[17938] chan_sip.c: Call from '' (108.161.136.44:5081) to extension '0015207200160' rejected because extension not found in context 'default'.


This patch solves the problem:

--- a/channels/chan_sip.c       2015-04-04 05:20:01.458550294 -0300
+++ b/channels/chan_sip.c       2015-04-04 05:25:33.640466116 -0300
@@ -22650,7 +22650,7 @@ static int handle_request_invite(struct
                        goto request_invite_cleanup;
                }
                if (res < 0) { /* Something failed in authentication */
-                       ast_log(LOG_NOTICE, "Failed to authenticate device 
%s\n", get_header(req, "From"));
+                       ast_log(LOG_NOTICE, "Failed to authenticate device %s 
for '%s'\n", get_header(req, "From"), ast_sockaddr_stringify(addr));
                        transmit_response_reliable(p, "403 Forbidden", req);
                        p->invitestate = INV_COMPLETED;
                        sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
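
Review bot: In the added ast_log line, the remote-controlled From header is printed before the new address field, so text inside From can imitate the trailing for '...' part and mislead a log-based filter unless the filter anchors on the end of the line. Consider printing the address first, or reusing the (address:port) form that the "Call from" message quoted above already uses, so one filter pattern covers both messages. The word "for" also reads as if the address were the target of the request; "from" would state more clearly that it is the source.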


--
Fernando Toledo
15 5515-3794
PressEnter Coop. Ltda.
http://www.pressenter.com.ar
tw: @PressEnterComAr

--- End Message ---
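
A log-side check for the message format the patch above introduces, as an added example that is not part of the original report and is not Asterisk or fail2ban code: it extracts the source address from the patched "Failed to authenticate device" line and counts failures per address. The address layout (`a.b.c.d:port` or `[v6]:port`) and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the patched message ends with for '<addr>', where <addr> is
# "a.b.c.d:port" or "[v6]:port". The From header printed before it is chosen
# by the sender, so the pattern trusts only the final quoted field (anchored at $).
FAILED_AUTH = re.compile(
    r"^\[[^\]]+\] NOTICE\[\d+\]:? chan_sip\.c:\d+ handle_request_invite: "
    r"Failed to authenticate device .* "
    r"for '(?:\[(?P<v6>[0-9A-Fa-f:.]+)\]|(?P<v4>\d{1,3}(?:\.\d{1,3}){3}))"
    r"(?::\d+)?'\s*$"
)

def source_ip(line):
    """Return the logged source address, or None if the line does not qualify."""
    m = FAILED_AUTH.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("v6") or m.group("v4")))
    except ValueError:  # looks like an address but is not one, e.g. 999.1.1.1
        return None

def offenders(lines, threshold):
    """Map source address -> failure count, for addresses at or over threshold."""
    counts = Counter(ip for ip in map(source_ip, lines) if ip)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines using documentation address ranges, not a real log.
PREFIX = ("[Apr  4 04:18:56] NOTICE[6054]: chan_sip.c:22653 "
          "handle_request_invite: Failed to authenticate device ")
SAMPLE = [
    PREFIX + "200<sip:200@192.0.2.10>;tag=aaaa0001 for '203.0.113.7:5060'",
    PREFIX + "200<sip:200@192.0.2.10>;tag=aaaa0002 for '203.0.113.7:5062'",
    # From header that itself contains a for '...' field: only the last one counts
    PREFIX + "300<sip:300@192.0.2.10>;tag=aaaa0003 for '198.51.100.9:5060' for '203.0.113.7:5064'",
    PREFIX + "300<sip:300@192.0.2.10>;tag=aaaa0004 for '[2001:db8::5]:5060'",
    # unpatched format, no address: must be ignored rather than guessed at
    PREFIX + "200<sip:200@192.0.2.10>;tag=aaaa0005",
]

if __name__ == "__main__":
    print(offenders(SAMPLE, 3))
```
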
--- Begin Message ---
Dear user,

thanks for helping us make Debian better by reporting this bug. Unfortunately it could not be dealt with in time. We lack the manpower to check whether all currently open bugs still apply to the current version. Therefore we are closing old issues, hoping that the documented problem has already been resolved.

If you can still reproduce this issue with a supported version of Debian/Asterisk

- 13.14 in Debian Stretch
- 13.23.1 in Debian Buster/Sid (right now)
- 16.1.0 in Experimental (soon in buster/sid I hope)

please feel free to reopen this bug.

Thanks,
Bernhard

--- End Message ---
